SMB Cybersecurity Challenges: “Collaboration is our greatest armory” with Sally Eaves
In this episode of the #beyondthenow IoT security podcast, we are joined by Dr. Sally Eaves, Senior Policy Advisor for the Global Foundation, Experienced CTO, Professor in Advanced Technology, and Global Strategic Advisor. David and Sally explore the impact of COVID-19 on our lives and how this has increased cybersecurity awareness. We also look at small and medium-sized business (SMB) cybersecurity, focusing on the challenges they face and how collaboration can help secure the future of the IoT.
- How the pandemic changed the approach to security in small and medium businesses.
- How interest in device security is gaining momentum with executive boards: delivering a holistic security strategy is not just the responsibility of the CISO.
- Why security by design is pivotal and where businesses can find support in this area.
Discover Key Talking Points in this Episode
- Introduction to Dr. Sally Eaves. [1:05]: A highly experienced CTO Professor in Advanced Technology, Sally is a Senior Policy Advisor for the Global Foundation of Cyber Studies and Research and CEO of Aspirational Futures, which enhances inclusion in education and technology.
- Technology as a cause for good. [2:32]: “I’m incredibly passionate about technology as a force for good, so the digital transformation of business, but also what we can do for society alongside that. And I believe we can bring the two things together.”
- The emergence of hybrid models over the last 12 months. [3:18]: “I think one way of looking at it would be hybridity. Both working and personal things have been coming together and that’s had a significant impact on security. I think there’s a growing recognition now that this is a shared responsibility around security. It has to be all levels of the organization. It can’t be a tick box exercise.”
- Has COVID-19 raised cybersecurity awareness? [7:16]: Covid has “opened up new considerations and I think new conversations within families about cyber protection as well. That’s helped people focus on this in more detail. It’s not just our work. It’s not just how we access personal learning or entertainment. It’s actually, whole families are using different devices for everything that’s important in our everyday life.”
- Companies are changing how they approach digital transformation and security. [9:30]: “What’s really key is that I’m seeing a sea change in terms of where these dialogues are starting from. So as one example, the CFO. Seeing more involvement of CFOs in discussions alongside the CEO, CSO and CIO roles and becoming more of an agent of change, more strategic leadership and really getting involved in security discussions in a way that hasn’t been before.”
- The role the tech industry has in improving cybersecurity awareness in schools and organizations. [12:09]: “We’ve been developing specific courses around this particular area. We talk a lot about, um, types of literacy in education. And I think the two biggest areas we need to focus more on this is just my personal opinion, but financial literacy, even education, but also cyber literacy within education as well.”
- Cybersecurity is a part of your business strategy, not separate. [13:28]: “I think sometimes security has been talked about as almost like a separate strategy. Security has to be embedded in every aspect of organizational strategy. It’s right in there as a central pillar.”
- SMB cybersecurity: why are smaller companies struggling to implement best practice security? [14:22]: “Vulnerability for SMBs to cyber breaches is growing around 400% per year. We have to dispel the perceptions that SMEs or SMBs have less to offer cybercriminals because that’s not the case. It’s not the case at all. In fact, they can be the gateway to a huge supply chain.”
“On average, this vulnerability for SMBs to cyber breaches is growing around 400% per year, based on the latest data. It’s absolutely huge. The perception that SMEs or SMBs have less to offer cyber criminals and hackers is not the case. It’s not the case at all. In fact, they can be the gateway to a huge supply chain.”
- The PSA Certified 2021 Security Report highlighted the challenges of a lack of expertise. [17:08]: “One of the aspects around this is this security skill shortage that we’ve got. I think the latest stats are somewhere like 3.5 million unfilled security roles for this year alone. It’s huge and it’s growing. And we’ve also got a lack of diversity of experience around who’s actually building the security as well.”
- The misconceptions around IoT security access and cost. [17:08]: “Some organizations don’t know where to go to for their trusted sources of education around these areas. Some things can be behind a paywall, for example. A lot of these things are becoming actually more accessible, but the perception is that they might be, you know, this isn’t within our remit. There’s an awareness that the cost imperative will be too high. I noticed that coming out of your reports as well, that cost is another real, real concern. And I think that can be very genuinely the case in some situations.”
- 5G and other emerging technologies offer a wealth of possibilities, but this needs to be underpinned by robust security infrastructure. [21:12]: “I’m very positive about 5G. And I think that again is a huge democratization opportunity, but it has to be done in this ecosystem approach. We have to look at that data access and we have to make sure things are being done in a secure way that protects privacy, et cetera, as well.”
- What are the biggest challenges for CTOs and CIOs on the digital transformation journey? [22:46]: “One would be fragmentation, particularly around regulation. And I think the other one would be the cost. The upfront cost is difficult and R and D costs as well would be another area around that. We’ve got this intersection, where we’ve got increasing technology integration - we’ve got more and more connected devices coming together - but we’re still dealing with issues around legacy tech.”
- The importance of changing the narrative around security. [25:18]: “Security is not just a cost, it’s talking about something that can enable the future of your organization. It can be a huge differentiator. Security is part of the DNA of an organization is a driver of change. It’s not a bottom-up or top-down approach. It’s truly holistic at every level of the organization. It doesn’t matter what role you have. You’ve all got an equal part to play.”
- What is the future going to look like in 5 years? [27:18]: “One of the things I think has come through strongly is the power of collaboration. Collaboration as a positive contagion of change. I’m looking to see that we’ll have an unprecedented level of tech collaboration. That for me has got to be the future of digital security and assurance.”
- Bridging the gap between the perceptions of IoT security and reality. [29:12]: “One of the other things I noticed from your report is that there is a perception gap on kind of how well organizations were doing in terms of implementation and the actuality. As the sophistication of security attacks gets greater and greater, we need to do the same from a defense point of view. I think collaboration is the greatest kind of armory we have to be able to do that.”
- Sally’s main piece of advice for companies when approaching IoT security. [31:07]: “Develop a more proactive stance and ensure that everything you’re doing is holistic, flexible, and scalable. That’s what you want your security strategy to be. I would encourage people to look at this security by design and look for support in this area. I think what you’re doing with the PSA Certified framework is a fantastic example of democratizing access.”
More About Your Podcast Host David Maidment
David Maidment (Senior Director of the Secure Device Ecosystem at Arm, a PSA Certified co-founder) leads our discussions on the latest trends and developments from the world of IoT security.
Based in Cambridge UK, David brings over 25 years of experience in the embedded and IoT industry. He specializes in the intersection between device security and business assurance to drive best practice security adoption across the electronics industry. In his role at Arm, David leads device security ecosystem activities including the widely adopted PSA Certified initiative.